Re: Upgrading to 2.1.8 breaks binding
Are you storing encrypted passwords in your LDAP database? If so, did you
use --enable-crypt when you compiled?
> Since I upgraded from 2.0.25 to 2.1.8 I can no longer bind from
> authentication clients like radius to my openldap server. When I try,
> the error reported in my ldap log file is:
>
> Conn=3 op=0 RESULT tag=97 err=49 text=
>
> It turns out that error 49, from ldap.h, means that the credentials are
> invalid (LDAP_INVALID_CREDENTIALS). I know I'm using the correct
> password of the entry I'm trying to bind as. I've also tried to bind as
> that entry to read its own entry using ldapsearch. But version 2.1.8
> won't allow me to bind as this (or any other except Manager and Admin)
> entry. However, version 2.0.25 did. 2.1.8 will only allow me to bind
> as cn=Manager,dc=example,dc=org or as cn=Admin,dc=example,dc=org. It
> will not allow binding by any other entry in the database.
>
> I'm using virtually the same config file, the only change being that
> I've included "allow bind_v2" and I've changed ldbm to bdb as the
> backend database (I also upgraded the Berkeley db to version 4).
>
> My access list is as follows:
>
> access to attr=userPassword
>     by self write
>     by anonymous auth
>     by dn="cn=Admin,dc=example,dc=org" write
>     by * none
> access to *
>     by self write
>     by dn="cn=Admin,dc=example,dc=org" write
>     by * read
>
> Can anyone help me figure out what I need to do to recover the lost
> functionality?
>
> Thanks,
>
> Mike
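
One way to answer the question asked in the reply above, as an added example that is not part of the original thread: this Python sketch reads a slapcat-style LDIF export and lists the entries whose userPassword uses the {CRYPT} scheme, which slapd can only verify when it was built with --enable-crypt. The sample LDIF, the entry names and the function names are constructed for illustration.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample export (not data from the thread). The first value is
# base64-encoded and folded across two lines, as LDIF writers often emit it.
_alice = _b64("{crypt}ab0123456789.")
SAMPLE_LDIF = (
    "dn: uid=alice,dc=example,dc=org\n"
    "userPassword:: " + _alice[:10] + "\n " + _alice[10:] + "\n"
    "\n"
    "dn: uid=bob,dc=example,dc=org\n"
    "userPassword: {SSHA}constructedSaltedHashValue\n"
    "\n"
    "dn: uid=carol,dc=example,dc=org\n"
    "userPassword: constructed-cleartext\n"
)

def password_schemes(ldif_text):
    """Return {dn: [scheme, ...]} for every userPassword value in the LDIF."""
    unfolded = ldif_text.replace("\n ", "")  # undo LDIF line folding
    schemes, dn = {}, None
    for line in unfolded.splitlines():
        if not line.strip():                 # blank line ends the entry
            dn = None
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):             # "attr:: value" is base64
            raw = base64.b64decode(rest[1:].strip())
            value = raw.decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword" and dn:
            m = SCHEME_RE.match(value)       # no {SCHEME} prefix: cleartext
            name = m.group(1).upper() if m else "CLEARTEXT"
            schemes.setdefault(dn, []).append(name)
    return schemes

def needs_crypt(ldif_text):
    """Entries whose bind depends on crypt(3) support in slapd."""
    found = password_schemes(ldif_text)
    return sorted(dn for dn, names in found.items() if "CRYPT" in names)

if __name__ == "__main__":
    for dn in needs_crypt(SAMPLE_LDIF):
        print("uses {CRYPT}:", dn)
```
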